Should You Be Worried About Airport Cybersecurity Threats?

February 12, 2020

Navigating and traveling through an airport can be stressful. Trying to get through security while searching for a boarding pass and assessing whether there’s enough time to jump on that long line for a desperately needed cup of coffee is a universal experience.

With all of that juggling going on, the last thing on your mind are the cybersecurity threats that you might encounter at the airport along the way. Luckily, cybersecurity experts have already put into place a variety of technologies to protect us and keep our cyber lives safe while we travel. So take a deep breath and focus on getting to your seat in a timely manner instead.

Should we be worried about giving our private information to an airline?

As more companies fight to keep your private information private, IEEE Senior member Kevin Curran recommends training all employees to become aware of suspicious activity to reduce the risk of a detrimental company breach.

Airlines need to “train their staff about the dangers of clicking on links and visiting ‘dodgy’ sites,” says Curran. “Staff should also be trained to look for slowdown in performance and how to examine running processes.”

Data breaches can happen to any employee, so training across the entire company is a necessity.

While breaches are a serious concern for any company, IEEE member Kayne McGladrey confirms that you do not need to stop sharing your private information with an airline anytime soon.

“There’s no practical value of worrying about sharing private information with airlines in the course of booking a flight – we’re long past the days where a traveler in the United States could buy a paper ticket with cash by walking up to an airline’s ticket desk and briefly showing a driver’s license,” says McGladrey. “And while it was briefly fashionable to take the train or the bus as an alternative to flying, the reality is that flying is very convenient by comparison. The trade off for that convenience is that travelers must provide personal information to airlines, and those airlines have an obligation to protect the private data that’s been shared by travelers.”

What are the technological advancements that are leveraged to help secure airplanes?

Aviation software manufacturers must be hyper-aware of the information they distribute before it ever sees an airport.

“Airplane manufacturers should focus on securing their software supply chain … to mitigate the risks of malware or inadequately tested software being distributed to airplanes before they leave the manufacturing plant,” says McGladrey.

What are the key underlying technologies that may be vulnerable to cyberattacks and how are they being enhanced to address safety?

“As seen in the recent Sodinokibi ransomware attack against the Albany County Airport, threat actors are attacking those commodity technologies like Windows that underpin a substantial portion of information technology systems in the transportation system,” explains McGladrey. “Thankfully, there is no publicly visible evidence that advanced persistent threat (APT) groups are specifically targeting industrial control systems (ICS) at airports, although that will likely change in the future as APTs expand their targeting beyond the current level of interest in utilities.”

A report by IBM claims it takes 206 days before a data breach is identified, and the average lifecycle of a breach is 314 days. As these attacks become more prevalent, airports and airlines must close the gap on finding these threats faster.

“Airlines and airports should augment their implementation of the National Institute of Standards and Technology (NIST) cybersecurity framework with an eye towards reducing the time to detect adversarial threat actors and strengthening their ability to evict those threat actors quickly after detection,” says McGladrey. “Dedicating resources and developing processes for continuous threat-hunting activities will augment automated detection and log aggregation systems.”

Is it Safe to Use Airport Wi-Fi?

How safe is it to log in to the airport or even use airplane Wi-Fi while you fly?

“Treat public Wi-Fi differently,” says Curran. “You should not use public Wi-Fi hotspots without using a VPN connection. A VPN will encrypt your communications to and from the internet to prevent eavesdropping.”

A VPN uses encryption when it goes through a process of encoding your data. Only a computer with the right decoder will be able to read and use it.

Even if you don’t know how to use a VPN, changes are happening to protect consumers who use public Wi-Fi.

“Part of the set of enhancements recently announced by the Wi-Fi Alliance is a protocol called OWE (Opportunistic Wireless Encryption), which always encrypts connections,” says IEEE member Dorothy Stanley. “You’re not getting the authentication, but it’s a replacement for open networks, and data is now always encrypted. No one can, in the clear, look at all the data being transformed.”

It’s always important to be aware of the cybersecurity threats you encounter in your day-to-day life, and do your best to stay protected in all aspects. But overall, technologists are working to keep you protected as you fly through the sky. So buckle up, turn on your favorite podcast and enjoy the ride!